Defining Keys in Parmlib › In-House Keys › How Keys Are Generated and Managed

How Keys Are Generated and Managed

Keys are generated automatically in the following manner:

• The Regenerate= attribute specifies the time interval for generating new keys.
• The NumberOfGenerations= attribute specifies how many keys to generate in advance.

  Note: For more information about these attributes, see the Configuration Guide.

  When new keys are automatically activated, older keys are automatically deactivated.

• The older, deactivated keys are no longer used to encrypt data. These deactivated keys are retained until your tape management system indicates that they are no longer needed, that is, until all tapes using them have become scratch tapes and have been physically overwritten (reused).
• Keys that you deactivate because they have been compromised are no longer used to encrypt data.
• These deactivated keys are retained in case they are needed to decrypt data that had been encrypted with them.